Value-Range Analysis of C Programs: Towards Proving the Absence of Buffer Overflow Vulnerabilities

9781849967020: Value-Range Analysis of C Programs: Towards Proving the Absence of Buffer Overflow Vulnerabilities

A buffer overflow occurs when input is written into a memory buffer that is not large enough to hold the input. Buffer overflows may allow a malicious person to gain control over a computer system in that a crafted input can trick the defective program into executing code that is encoded in the input itself. They are recognised as one of the most widespread forms of security vulnerability, and many workarounds, including new processor features, have been proposed to contain the threat. This book describes a static analysis that aims to prove the absence of buffer overflows in C programs. The analysis is conservative in the sense that it locates every possible overflow. Furthermore, it is fully automatic in that it requires no user annotations in the input program. The key idea of the analysis is to infer a symbolic state for each program point that describes the possible variable valuations that can arise at that point. The program is correct if the inferred values for array indices and pointer offsets lie within the bounds of the accessed buffer. The symbolic state consists of a finite set of linear inequalities whose feasible points induce a convex polyhedron that represents an approximation to possible variable valuations. The book formally describes how program operations are mapped to operations on polyhedra and details how to limit the analysis to those portions of structures and arrays that are relevant for verification. With respect to operations on string buffers, we demonstrate how to analyse C strings whose length is determined by a nul character within the string.

"synopsis" may belong to another edition of this title.

From the Back Cover:

The use of static analysis techniques to prove the partial correctness of C code has recently attracted much attention due to the high cost of software errors - particularly with respect to security vulnerabilities. However, research into new analysis techniques is often hampered by the technical difficulties of analysing accesses through pointers, pointer arithmetic, coercion between types, integer wrap-around and other low-level behaviour. Axel Simon provides a concise, yet formal description of a value-range analysis that soundly approximates the semantics of C programs using systems of linear inequalities (polyhedra).

The analysis is formally specified down to the bit-level while providing a precise approximation of all low-level aspects of C using polyhedral operations and, as such, it provides a basis for implementing new analyses that are aimed at verifying higher-level program properties precisely. One example of such an analysis is the tracking of the NUL position in C string buffers, which is shown as an extension to the basic analysis and which thereby demonstrates the modularity of the approach.

While the book focuses on a sound analysis of C, it will be useful to any researcher and student with an interest in static analysis of real-world programming languages. In fact, many concepts presented here carry over to other languages such as Java or assembler, to other applications such as taint analysis, array and shape analysis and possibly even to other approaches such as run-time verification and test data generation.

Review:

From the reviews:

"This book describes a static analysis that aims to prove the absence of buffer overflows in C programs. ... The book formally describes how program operations are mapped to operations on polyhedra. ... Many concepts presented here carry over to other languages such as Java or assembler. So it will be useful to any researcher and student with an interest in static analysis of real-world programming languages." (Stefan Meyer, Zentralblatt MATH, Vol. 1155, 2009)

"About this title" may belong to another edition of this title.

Other Popular Editions of the Same Title

9781848000162: Value-Range Analysis of C Programs: Towards Proving the Absence of Buffer Overflow Vulnerabilities

Featured Edition

ISBN 10:  1848000162 ISBN 13:  9781848000162
Publisher: Springer, 2008
Hardcover

9788184895599: Value-Range Analysis of C Programs

New Ag..., 2010
Softcover

Top Search Results from the AbeBooks Marketplace


1.

Simon
ISBN 10: 1849967024 ISBN 13: 9781849967020
New Paperback Quantity Available: 1
International Edition
Seller:
Nick Book House
(Fresno, CA, U.S.A.)
Book Description Paperback. Condition: New. New, Softcover International Edition, Printed in Black and White, Different ISBN, Same Content As US edition, Book Cover may be Different, in English Language. Seller Inventory # 762

Buy New
US$ 22.99

Shipping: US$ 3.99
Within U.S.A.

2.

Axel Simon
Published by Springer London Ltd, United Kingdom (2011)
ISBN 10: 1849967024 ISBN 13: 9781849967020
New Paperback Quantity Available: 10
Print on Demand
Seller:
Book Depository International
(London, United Kingdom)
Book Description Springer London Ltd, United Kingdom, 2011. Paperback. Condition: New. Language: English . Brand New Book ***** Print on Demand *****. Softcover reprint of hardcover 1st ed. 2008. Seller Inventory # AAV9781849967020

Buy New
US$ 153.03

Shipping: FREE
From United Kingdom to U.S.A.

3.

Simon, Axel
Published by Springer (2016)
ISBN 10: 1849967024 ISBN 13: 9781849967020
New Paperback Quantity Available: 1
Print on Demand
Seller:
Ria Christie Collections
(Uxbridge, United Kingdom)
Book Description Springer, 2016. Paperback. Condition: New. PRINT ON DEMAND Book; New; Publication Year 2016; Not Signed; Fast Shipping from the UK. No. book. Seller Inventory # ria9781849967020_lsuk

Buy New
US$ 151.52

Shipping: US$ 5.10
From United Kingdom to U.S.A.

4.

Axel Simon
Published by Springer London Ltd, United Kingdom (2011)
ISBN 10: 1849967024 ISBN 13: 9781849967020
New Paperback Quantity Available: 10
Print on Demand
Seller:
The Book Depository
(London, United Kingdom)
Book Description Springer London Ltd, United Kingdom, 2011. Paperback. Condition: New. Language: English . Brand New Book ***** Print on Demand *****. Softcover reprint of hardcover 1st ed. 2008. Seller Inventory # AAV9781849967020

Buy New
US$ 158.02

Shipping: FREE
From United Kingdom to U.S.A.

5.

Axel Simon
Published by Springer London Ltd, United Kingdom (2011)
ISBN 10: 1849967024 ISBN 13: 9781849967020
New Paperback Quantity Available: 10
Seller:
Book Depository hard to find
(London, United Kingdom)
Book Description Springer London Ltd, United Kingdom, 2011. Paperback. Condition: New. Language: English . This book usually ship within 10-15 business days and we will endeavor to dispatch orders quicker than this where possible. Brand New Book. Softcover reprint of hardcover 1st ed. 2008. Seller Inventory # LIE9781849967020

Buy New
US$ 159.76

Shipping: FREE
From United Kingdom to U.S.A.

6.

Simon, Axel
Published by Springer (2011)
ISBN 10: 1849967024 ISBN 13: 9781849967020
New Quantity Available: > 20
Print on Demand
Seller:
Pbshop
(Wood Dale, IL, U.S.A.)
Book Description Springer, 2011. PAP. Condition: New. New Book. Shipped from US within 10 to 14 business days. THIS BOOK IS PRINTED ON DEMAND. Established seller since 2000. Seller Inventory # IQ-9781849967020

Buy New
US$ 161.17

Shipping: US$ 3.99
Within U.S.A.

7.

Axel Simon
Published by Springer London Ltd (2011)
ISBN 10: 1849967024 ISBN 13: 9781849967020
New Quantity Available: > 20
Print on Demand
Seller:
Books2Anywhere
(Fairford, GLOS, United Kingdom)
Book Description Springer London Ltd, 2011. PAP. Condition: New. New Book. Delivered from our UK warehouse in 4 to 14 business days. THIS BOOK IS PRINTED ON DEMAND. Established seller since 2000. Seller Inventory # LQ-9781849967020

Buy New
US$ 154.95

Shipping: US$ 11.87
From United Kingdom to U.S.A.

8.

Axel Simon
Published by Springer (2011)
ISBN 10: 1849967024 ISBN 13: 9781849967020
New Paperback Quantity Available: 1
Seller:
Ergodebooks
(RICHMOND, TX, U.S.A.)
Book Description Springer, 2011. Paperback. Condition: New. Softcover reprint of hardcover 1. Seller Inventory # DADAX1849967024

Buy New
US$ 191.09

Shipping: US$ 3.99
Within U.S.A.

9.

AXEL SIMON
Published by Springer (2011)
ISBN 10: 1849967024 ISBN 13: 9781849967020
New Paperback Quantity Available: 1
Seller:
Herb Tandree Philosophy Books
(Stroud, GLOS, United Kingdom)
Book Description Springer, 2011. Paperback. Condition: NEW. 9781849967020 This listing is a new book, a title currently in-print which we order directly and immediately from the publisher. For all enquiries, please contact Herb Tandree Philosophy Books directly - customer service is our primary goal. Seller Inventory # HTANDREE0311001

Buy New
US$ 190.50

Shipping: US$ 10.52
From United Kingdom to U.S.A.

10.

Axel Simon
Published by Springer (2011)
ISBN 10: 1849967024 ISBN 13: 9781849967020
New Softcover Quantity Available: 15
Print on Demand
Seller:
Book Description Springer, 2011. Condition: New. This item is printed on demand for shipment within 3 working days. Seller Inventory # LP9781849967020

Buy New
US$ 202.02

Shipping: US$ 3.46
From Germany to U.S.A.
